Report: All Top 10 Facebook Apps Leaking Personal Information

According to a report in the Wall Street Journal, a large number of the most popular applications on Facebook — including all of the 10 most popular apps — have been improperly transmitting user info, including names and possibly names of friends to advertising and internet tracking companies.

Writes the Journal:

The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook’s strictest privacy settings. The practice breaks Facebook’s rules, and renews questions about its ability to keep identifiable information about its users’ activities secure.

The problem has ties to the growing field of companies that build detailed databases on people in order to track them online… It’s unclear how long the breach was in place. On Sunday, a Facebook spokesman said it is taking steps to “dramatically limit” the exposure of users’ personal information.

The Journal says the apps they investigated were sending Facebook ID numbers to at least 25 advertising and data firms, “several of which build profiles of Internet users by tracking their online activities.”

The report singles out one such firm, Rapleaf, which it says had added Facebook user IDs to the database of Internet users it sells to yet other firms. However, a VP for the company tells the paper, “We didn’t do it on purpose.”

Comments

Edit Your Comment

This is me being shocked. I’m shocked. Can you tell how shocked I am? And yet again, everyone will get upset because they were stupid enough to put a bunch of personal information online and then find out it was spread all over.

Yes, let’s all wank about the stupidity of people who believed a privacy agreement meant what it said, instead of the dishonest companies who lied to them. Because we feel so much safer with victim-blaming!

The privacy agreement was with Facebook. When you sign up for a Facebook app, that’s a 3rd party. They’re not beholden to privacy agreements you make with Facebook, especially when you give them permission to access that information, as you have to do when you install them.

It’s like the dinks with the Android phones who are all pissed off because programs they downloaded are mining their data. Well hell, what exactly did you think was going to happen when the wallpaper program asked for your contact list and internet access?

Unless you own and operate the cloud, or your own site – then any data you provide is at risk regardless of the “Privacy Policy”. It can be intentional, or unintentional – but it will get out. If you want your friends to know what you’re doing – call them.

Facebook and it’s ilk are risky to your life, health, and livelihood. Just say “No thanks” to them…

All 200 of them? This “don’t use Facebook in the first place” argument (predominantly voiced by those who neither use nor understand the benefits of the website in the first place – or maybe those who have no friends) is getting old and misses the entire point of that this story addresses. This is 2010. Most people aren’t going to stop using Facebook. The problem that needs to be addressed is the leaking of personal information and the acts against the Privacy Policy on behalf of these applications. Facebook is a billion dollar company and should take steps to prevent these sort of things from happening.

Yes, but what you are missing is that normally the advice given at Consumerist is to “walk away” from a company that mistreats its customer base. You’re saying people won’t do that and that this company needs to take responsibility for its deceitful practices. But why would they have to? No one’s leaving and they’re making good money off of their users. There is no incentive for Facebook to do the right thing. They know most people will still stay even if they are blatantly screwing them. So why stop now? Think of all the things they’re doing that you DON’T know about! If you’re fine with that, then all is well.

apparently the problem here is that you do have to leave facebook to get away from farmville because it’s accessing info on the friends of users. i don’t use farmville but my sister’s addicted. which means farmville is accessing my info on facebook.
only they aren’t really, because i use a fake name and demographics

Any time one of those app spams shows up in my feed, I follow the link to visit the app. On the app’s page, there is a link to “block this application”. This allegedly prevents the application from accessing my info.

It was a seemingly endless task at first — but now that I’ve blocked most of the major apps, I rarely see notices in my feed anymore.

So wait, let me get this straight…a free online service that makes no revenue at all from it’s bazillions of users, but does collect exabytes of data from each person who logs on…which is a treasure trove for marketing and data mining activities to every company in the world…might actually be trying to make money by giving access to that data?

Wow, who would have thought that you couldn’t implicitly trust a free online service to safeguard every little piece of personal data you can possibly think up and regurgitate onto their site?

I mean…there’s just no way you could have seen any such thing happening, right? It’s a free service, they’re just doing it out of the goodness of their hearts! They’re, like, philanthropists…right?

You are missing the most important part: they explicitly tell users this will not happen. You can be as derisive and asinine as you like about how predictable this is, but the fact remains that both Facebook and the app writers lied to their users.

“We will sell your aggregate data, but will not personally identify you” != “free lunch”. If you can get over your need to announce how much smarter you are than the Internets for a minute, you might be able to grasp the idea that people can agree to one kind of exchange (you include me in your demographic data without identifying me personally, I get to use your service free) without agreeing to another (you can report anything you want about me, even if I told you not to and you agreed not to).

I do demand accountability. My point is that you can’t expect to get something for nothing, and when a corporation (that’s hemorrhaging money) has vast amounts of your data they can sell to make revenue…or they can abide by their privacy policy and go bankrupt…what do you honestly think is going to happen?

I suppose you show your ID to Huggy Bear when you book your ho too…he says he won’t violate your privacy, right? So it’s cool.

Bullshit. They don’t have to sell the PERSONAL data of their users to make money. They can do it like other companies – put ads up on their site, and sell that ad space to advertisers. They can aggregate and sell DEMOGRAPHIC information that doesn’t tie to a particular user (e.g. 52% of our users are male, 13% of our users are from the midwest) and make good money that way.

On the surface, targeted advertising seems to benefit the consumer because they get to see what they’re interested in. However, it’s:

a) Psychological manipulation. You buy what you’re interested in, so you’ll buy more – even if you don’t really need it.

b) Risky to your life: Someone trying to do you harm now knows intimate personal details about you. Occurs rarely – but why allow it to happen at all to you? Why risk it just so you can see an ad for muffins instead of bagels?

c) Risky to your livelihood: Employers troll these services. They find out that you drink EVERY weekend, correlate that with you being late every monday – and fire you. Or cut your insurance. Or raise your insurance rates. Or a potential new employer sees that you like to enjoy time with your friends every weekend and figures you will push back on working weekends, so they hire someone else. Or they don’t like the way you look – so they hire someone else. Or they don’t like your car, figure you’ll ask for more money to get a better one, so they hire someone else. Or they think your car is too good and you’ll want a better one or have to maintain that one and hire someone else. Or….

d) You don’t get any real benefit. The companies make MILLIONS, you get some half-assed free service that only serves to extract more personal information from you, which puts you at risk.

Facebook was designed to get college kids laid. It’s totally outgrown it’s original purpose, and is dangerous.

The Zynga CEO openly admitted that they were scamming people, if that isn’t enough of a warning that the company is shady, then I don’t know what is. Not saying that the people who are still playing these games deserve to have their info sold off, but seriously, what do you expect from a company that has not qualms with being a dick?

No, because I understand that people are occasionally idiots and don’t read the news stories like those where-in douchy CEO’s admit to screwing people. They read the statement when they first play the game that says “we won’t sell your info” and expect that their info will in fact not be sold. We (those who tend to read more) are the ones who are not surprised that said douchy CEO’s are doing things such as this.

Taco you and Plumnoir beat me to this. “a VP for the company tells the paper, “We didn’t do it on purpose.””

Bullshit. Do we really have to get in to a Bill Clinton define “it” semantic argument here Mr. VP? Good job WSJ figuring out what anyone who looked in to FB for more than 5 minutes already knew.

Is this why I can’t watch my regional sports or FX on DISH or Cablevision now…b/c you spent so much money on this exhaustive undercover investigation you have to make up for it in the TV content division?

The funniest thing is, a bunch of users found an exploit in the Zynga Cafe World game, where you could get unlimited Cafe Cash.

Zynga tamped that down quick and their initial comment on the matter was that they were trying to protect their users from scam websites that could harm their computers and “the integrity of the game”.

Now we find that they are selling names off to “who knows who” for profit.

Now one can see why I never use any third-party Facebook apps. Not one. Ever. And when notifications come into my stream, from other users announcing they found a new baby seal or telling me I join their mafia posse, I block the app that sent it.

Ummm, didja READ the article? Even people who use no apps, and have the strictest privacy settings, are having their info sold. If one of your friends uses Farmville, or any of the apps listed above, then Zynga is selling YOUR info.

Nevertheless, I block every app. All the time. Without fail. It might not prevent my information leaking out … but at least none of my Facebook friends will have THEIR information leaked, because of ME.

“Your name, profile picture, gender, networks and user ID (along with any other information you’ve set to everyone) is available to friends’ applications unless you turn off platform applications and websites.”

I found that statement under the “Choose Your Privacy Settings > Applications, Games and Websites” page on Facebook.

It seems as if you can prevent this from happening, but of course, it seems like the default is “ON” and the settings are buried so deep that few will find it.

Also, under Application settings, you can view the settings for each Ap you may have used. It will tell you what info that the application is pulling off your profile, and if any data was recently recorded.

You may also choose what profile information you choose to share with Friend’s Apps (In case you decide to leave that first option above to “ON”)

Dude, it’s not that I don’t care, it’s just that I’ve warned them before, and they still do nothing, because most of them are.. well… not that bright. So I’m not going to try to help those who do not want to be helped.